[OSM-dev] OpenID for OpenStreetMap?

Matt Amos zerebubuth at gmail.com
Thu Feb 10 19:24:32 GMT 2011


On Thu, Feb 10, 2011 at 7:11 PM, Serge Wroclawski <emacsen at gmail.com> wrote:
> I think the conversation is really two different questions.
>
> First is the original question about OpenID in the context of OSM and
> the other is about OpenID support generally.
>
> I think part of the feeling for a need for OpenID in OSM is about the
> fact that for several of our services, authentication isn't unified.
> That is the wiki credentials don't map to the OSM API credentials.
> help.osm does though. It's confusing.

i might be missing the point here, but are you suggesting that OSM
would be an openID provider, consumer or both?

i had thought that the discussion was limited to being an openID
consumer - i'm not sure we'd want to be a provider, with all that it
entails.

> The second issue is OpenID support in general.
>
> MHO on the issue is that while it might seem that OpenID support is
> great and widely useful, I think there are a number of implementation
> issues and concerns which are really hard to overcome.
>
> For example, how does one handle OpenID with an API? This has been
> discussed in other contexts, and unfortunately there's no good single
> answer.

my understanding is that openID would be usable on the website to
generate an OAuth token, which would then be used to access the API.
this seems like a good enough solution to me, but i could be missing
something.

> I personally believe OpenID is a great idea, but as Tom and others
> point out, the devil's in the details.
>
> OTOH the former issue, of a unified authentication mechanism- that's
> not technically hard (for the most part)- that's just a lot of work
> and a lot of disruption to the community while the transition takes
> place.

the devil's in the details and the SMOP. for instance, case
sensitivity of usernames, allowable characters, length and other
conditions. iirc, this wasn't a big deal when the wiki was set up, and
many people signed up with the same username. but since then things
have drifted a little bit (including the slightly inadvertent switch
to case-sensitive usernames for the main site) and it seems like way
more trouble than it's worth to transition now.

cheers,

matt

> That is, I'm sure the technical team knows how to solve it, but as
> someone whose completed a user authentication merge, I can tell you
> that it's painful. It's especially painful on something like a wiki,
> where not only must a user remapping take place, but that user mapping
> must be applied to each and every page.
>
> I think for new services (like help), we've solved the issue, but we
> may have to either accept the pain of the current situation for the
> wiki, or get buy in from the community for the disruption any change
> would cause.
>
> - Serge
>
> _______________________________________________
> dev mailing list
> dev at openstreetmap.org
> http://lists.openstreetmap.org/listinfo/dev
>



More information about the dev mailing list